The tls package

This provides a high-level implementation of a sensitive security protocol,
eliminating a common set of security issues through the use of the advanced
type system, high level constructions and common Haskell features.

Currently implement the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocol,
with only RSA supported for Key Exchange.

Readme for tls-0.9.7

haskell TLS

Description

This provides a high-level implementation of a sensitive security protocol,
eliminating a common set of security issues through the use of the advanced
type system, high level constructions and common Haskell features.

Only core protocol available here, have a look at the tls-extra package for
default ciphers, compressions and certificates functions.

Features

tiny code base (more than 20 times smaller than openSSL, and 10 times smaller than gnuTLS)

permissive license: BSD3.

supported versions: SSL3, TLS1.0, TLS1.1, TLS1.2.

key exchange supported: only RSA.

bulk algorithm supported: any stream or block ciphers.

supported extensions: secure renegociation

Common Issues

The tools mentioned below are all available from the tls-debug package.

Certificate issues

It's useful to run the following command, which will connect to the destination and
retrieve the certificate chained used.

tls-retrievecertificate -d <destination> -p <port> -v -c

As an output it will print every certificates in the chain and will gives the issuer and subjects of each.
It creates a chain where issuer of certificate is the subject of the next certificate part of the chain: